Artificial intelligence tools are increasingly being used in audits. Photo: File.
The federal government has issued new AI guidelines to help auditors.
The Audit and Assurance Standards Committee has posted web pages aimed at the public and private sectors to better understand AI when applied to audits.
By emphasizing AI technology application, we present opportunities and risks to auditors. This advice highlights pitfalls and benefits.
This advice focused on using AI auditing tools refers to automated software that extracts information from unstructured sources. Identifies patterns or anomalies in information. Make decisions or recommendations based on an analysis of information that the auditor should consider.
“AI audit tools use criteria that may be altered by the tool based on the information available, patterns and relationship identification.
“Using AI audit tools can increase the effectiveness and efficiency of audits.
“However, you need to use AI audit tools properly, otherwise the quality of your audit may be compromised.”
Some AI auditing tools may be called “black box” systems, and understanding how the tool is reaching its conclusion or output can be challenging or impractical.
Additionally, because the use of data auditors is unique data from the audited entity, organizations need to consider data privacy and manage data security risks.
The tool must be reviewed, evaluated and approved for a particular use for each engagement.
This should be done by a well-qualified and experienced professional.
Capacity, capacity, and cost/benefit analysis should be conducted regularly, and perceived “automation bias” should be avoided.
“Auditors should capture the risk technology pose as part of the auditor's risk assessment process,” the advice states.
“Auditors should be careful not to rely on information generated using technology (automation bias).
“Auditors may rely on AI applications for the process of creating or supporting critical information or judgments in financial/sustainability reports. Auditors should understand these applications and identify and assess the risks that determine the nature and scope of the audit work.”
The Audit and Assurance Standards Committee web page states that auditors should also consider control environments, systems and processes of audited entities (including general IT controls), and administrative reviews of inputs, assumptions, logic and outputs.
Be careful to warn of the possibility that the guidelines will be used to create documents that claim AI comes from third parties and that it claims to support the information in financial and sustainability reports.
Auditors suggest that they may need to rely heavily on independent third-party data sources, such as direct confirmation, to verify the reliability of the evidence.
Additional challenges can exist when information is generated by a unique third-party AI application.
If there are restrictions on auditors accessing the logic, data, and assumptions used, scope limitations may exist if appropriate alternative procedures are not possible.
AI applications can also be used to help auditors improve their written communications,” the advice states.
“For example, AI applications may help auditors write in writing for their audiences, using clear, concise language, improved grammar, and a clearer presentation format.
“Cybersecurity threats and information privacy should be considered.”
It states that sensitive information should not be provided to external applications.
“Ideally, tools should not send information outside the company. They should be careful using AI-generated summary of documents.
“The summary is not accurate, and may omit important aspects or nuances and use information outside of context.
“Documents generated by AI from web searches and third-party documents may not be trusted.”
